FBI Warns of Malware Attacks Through Hotel Internet Services

The FBI warned people traveling abroad that attackers are targeting users on hotel networks by tricking them into installing malware under the guise of software updates. The agency's Internet Crime Complaint Center says any government, business or academic personnel traveling abroad should be especially wary.

The FBI issued an advisory this week alerting international travelers about attempts to infect their computers with malware when they log on to hotel networks.

In an intelligence note from the FBI's Internet Crime Complaint Center (IC3), the agency warned that attackers have been targeting travelers abroad when they use the Internet connection in their hotel rooms. According to the FBI, when the victims attempted to set up the hotel room Internet connection, they were presented with a pop-up window notifying them to update a "widely-used software product."

"If the user clicked to accept and install the update, malicious software was installed on the laptop," according to IC3. "The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available."

The FBI recommends checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor, and advises travelers to update the software on their laptops immediately before traveling.
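
One way to carry out that certificate check on a Windows laptop, as an added example that is not part of the FBI advisory or the original article. The function name, file path and publisher string are placeholders; the check relies on the built-in `Get-AuthenticodeSignature` cmdlet.

```powershell
# Added example: verify an installer's Authenticode signature before running it.
# Test-UpdateSignature, the path and the publisher name are illustrative placeholders.
function Test-UpdateSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file is signed, unmodified since signing, and the
    # certificate chains to a root this machine trusts. Any other status
    # (NotSigned, HashMismatch, NotTrusted, UnknownError) is a failure.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # Compare the certificate's simple name (the subject CN) with the vendor
    # you expect. A valid signature from some other publisher still fails.
    $signer = $sig.SignerCertificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($signer -ne $ExpectedPublisher) {
        Write-Warning "Signed by '$signer', expected '$ExpectedPublisher'"
        return $false
    }

    Write-Verbose "Signed by '$signer', thumbprint $($sig.SignerCertificate.Thumbprint)"
    return $true
}

# Usage with placeholder values:
# Test-UpdateSignature -Path "$env:USERPROFILE\Downloads\update-setup.exe" `
#     -ExpectedPublisher 'Example Software Vendor, Inc.'
```

A passing result shows who signed the file and that it has not been altered since; it does not replace obtaining the update from the vendor's own site or a corporate update channel.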

The warning follows a December report from Bloomberg that cited unnamed sources alleging that iBAHN, one of the largest providers of hotel Internet service in the world, had been compromised. The company has denied the accusation. The FBI warning does not include any information about specific hotel chains or service providers.

The scant details offered in the intelligence note, however, make it difficult to know exactly what travelers should do beyond the basics, argued Graham Cluley, senior technology consultant at Sophos.

"What's fascinating about the advisory is what it doesn't say," he blogged. "And without more information it's hard to know how computer users are supposed to take meaningful action to protect themselves other than follow the normal advice of running security software, being careful what you install, running a VPN to hide your browsing from snoopers, etc.

"It's certainly very peculiar that the FBI didn't share more information in its warning, or mention where in the world it believes it has seen these attacks taking place," he added. "By coincidence, earlier this week, for the first time in almost ten years, a Chinese defense minister visited the United States. The day before the FBI's warning was issued, US Defense Secretary Leon Panetta met his Chinese counterpart Liang Guanglie in Washington DC, and told the world's press that the two countries must work together to avoid cyber war, and emphasized the importance of the relationship between China and the USA."

There is inherent risk in connecting to public WiFi networks due to the ability of attackers to target unsuspecting users and peddle scams and malware, said John Harrison, senior manager at Symantec Security Response.

"It is also unfortunately all too easy for hackers to set up rogue WiFi access points with the sole purpose of intercepting your Internet traffic, whether that is accessing your social media and financial accounts or tricking users with fake software updates," he said. "Just because a network name says 'Free WiFi,' 'Hotel XYZ WiFi' or even the brand name of your ISP or coffee shop does not ensure it is legitimate.

"Corporate users should only connect to their networks using VPN software to ensure encrypted connections between their laptops and their corporate networks," Harrison added.

"Beyond that, standard security best practices apply: They should use a modern endpoint or Internet security software on their computers and mobile devices, and they should be wary of any pop-ups requesting them to download updates and other potential social engineering scams. Software updates should only be installed through corporate software updating mechanisms, internal servers or by users going directly to their software publishers' Websites."
